Updated advisory posts against rubysec/ruby-advisory-db@bf35695

Author: jasnow

advisories/_posts/2026-05-18-CVE-2026-33637.md

@@ -9,7 +9,7 @@ advisory:
   gem: faraday
   cve: 2026-33637
   ghsa: 5rv5-xj5j-3484
-  url: https://github.com/lostisland/faraday/security/advisories/GHSA-5rv5-xj5j-3484
+  url: https://nvd.nist.gov/vuln/detail/CVE-2026-33637
   title: Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2 - protocol-relative
     URI objects still bypass host scoping
   date: 2026-05-18
@@ -38,7 +38,7 @@ advisory:
     that believe they are constrained to a fixed base URL. If the
     connection carries default headers or query parameters, those
     values are forwarded to the attacker-selected host.
-  cvss_v3: 0.0
+  cvss_v3: 6.5
   unaffected_versions:
   - "< 2.0.0"
   patched_versions:
@@ -50,5 +50,4 @@ advisory:
     - https://github.com/lostisland/faraday/security/advisories/GHSA-5rv5-xj5j-3484
     - https://github.com/advisories/GHSA-33mh-2634-fwr2
     - https://github.com/advisories/GHSA-5rv5-xj5j-3484
-  notes: "- ZERO CVSS value in GHSA and NVD\n"
 ---

advisories/_posts/2026-05-18-CVE-2026-45363.md

@@ -58,6 +58,7 @@ advisory:
   - ">= 3.2.0"
   related:
     url:
+    - https://www.cve.org/CVERecord?id=CVE-2026-45363
     - https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x
     - https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f
     - https://github.com/jwt/ruby-jwt/releases/tag/v3.2.0